What is Secondary DNS?

Secondary DNS is available for domains on Enterprise plans.

Secondary DNS allows Cloudflare to act as a Secondary DNS provider to another organization's Master DNS. With Secondary DNS, DNS entries are edited in a system outside of Cloudflare and changes are transferred to Cloudflare's infrastructure.

If the current DNS provider does not support Zone Transfer, Cloudflare cannot become a Secondary DNS provider.

Prerequisites

1. Contact your Cloudflare Account team:

Request Secondary DNS to be enabled.

Request the configuration parameters to set at the primary DNS provider.

2. In the Cloudflare Overview app for the domain requiring Secondary DNS:

Identify the Cloudflare Account ID.

Identify the Cloudflare Zone ID.

Note the two Cloudflare Nameservers.

If the Cloudflare Nameservers don't contain secondary in the name, confirm the Cloudflare Account team has enabled Secondary DNS.

The Cloudflare DNS UI will be disabled for Secondary Zones since records are managed through the primary DNS provider's Master server.

STEP 4 - Testing Secondary DNS

Add a TXT record to the primary DNS provider to test transfer to Cloudflare's Secondary DNS servers. Then, verify the TXT record is visible when querying Cloudflare's nameservers. Replace nsNNNNwith the correct name of a Cloudflare Secondary DNS servers for the domain:

dig @nsNNN.secondary.cloudflare.com :zone_name txt +short

The Cloudflare Analytics app will continue to provide DNS data but only for DNS requests that Cloudflare's nameservers answer.